You have a small business. You have been running Windows Small Business Server 2003 for six years, and you know that it is time to retire it. The question is, what should replace it?
Before you make any definitive decisions, why not review what you need your server to do:
- File Server
- Mail Server
- Internet Portal
- Centralized Management
For the past several years you have paid a consultant to manage the server and your client PCs, and have primarily called him in for break-fix issues. Maybe you were industrious and decided to learn the basics of IT so you could do a lot of the maintenance yourself. You might even be a small-business IT consultant who has been managing and maintaining SBS environments for your clients.
You have heard so much about the cloud that you are in a bit of a fog… you know that people are talking about cloud-services, but haven’t quite figured out how they can work for you… to save you money, to earn you money.
Replacing the Server
For most small businesses I still recommend a centralized server; Active Directory is still the best mechanism you will find for centralized user management, and Group Policy allows you to lock down your environment.
With that being said, many of the functionalities offered in Microsoft Small Business Server are now available as part of two cloud-services offerings from Microsoft. Microsoft Office 365 offers all of the functionality listed above (File Server, Mail Server, Internet Portal) and much more. It is actually all of the following products in the cloud:
- Microsoft Exchange Server
- Microsoft SharePoint Server
- Microsoft Lync Server
- Microsoft Office Web Access
Office 365 allows you to have the functionality of all of these tools… without having to purchase or maintain them. It also means that you will always have the latest versions of all of these… without having to upgrade. ‘Your servers’ will be maintained by the Microsoft IT team, without your having to pay them hundreds of dollars per hour. If any of your services go down (and admittedly they do occasionally) you can rest assured that before you even discover the outage the people who know the products best will already be well on their way to fixing the issues.
Managing the Desktop
Between the operating system and the applications, there is a lot of work that goes into the proper maintenance of your PCs. That includes anti-malware, patch management, policies, and more. Additionally being able to generate and view reports is a huge benefit – as I always say If you cannot measure it, you cannot manage it!
So Before we get into application side of things, let’s discuss the benefits of the second cloud-services offering, Windows InTune. InTune installs as a simple agent on your Windows PC, and the list of benefits is amazing:
- Upgrade rights to Windows 7 Enterprise
- Windows InTune Endpoint Protection (centralized anti-malware solution)
- Centralized Patch Management
- Policy Deployment
- Application Deployment
- Device Reporting
- License Management
When you subscribe to Windows InTune (per-PC subscription) you get the right to upgrade your legacy Windows client (Professional/Business/Enterprise SKUs) to Windows 7 Enterprise. Right there you have the basis for the common operating system required to simplify management.
Windows 7 Enterprise Edition includes two features that Business Edition does not:
- Multiple language support; and
- BitLocker drive encryption technology
With the preponderance of mobile computing these days, as well as organizations doing business around the world, there is no question that Windows 7 Enterprise is an easier feature-by-feature sell than the lower-priced options, but that lower price seems to be a deciding factor so often. With the Use Rights in Windows InTune you don’t have to settle.
Once the Windows InTune agent is deployed on a PC it will start populating the individual computer’s information to the InTune system, and you will be able to get a better idea of what you have. On the Devices screen you will be able to see:
|Computer Name||Total Disk Space||CPU Speed|
|Chassis Type||Used Disk Space||Last User to Log On|
|Manufacturer & Model||Free Disk Space||Serial Number|
|Operating System||Physical Memory||Last Hardware Status|
Included in the Windows InTune installation is the Windows Intune Endpoint Protection engine, which will protect your PCs from malware. It uses the built-in patch management system to keep the definitions up to date, and offers real-time protection, as well as centralized reporting and e-mail alerts to the Help Desk / Support Team / IT Guy when a computer is infected.
InTune 2.0 added the ability to centrally deploy applications to client PCs. InTune 3.0 adds an extra to this – the ability for end-users to install published applications on-demand. The new Company Portal allows users to help themselves on-line, before eventually ‘escalating the call’ to you.
Users can also deploy their own client from the portal, assuming they have the proper credentials. This allows them to download a client using their corporate credentials, rather than you having to send them the file (along with the ACCOUNTCERT file) which would allow anyone (in theory) to install on any device that would automatically be managed by… you.
By far the most common application suite found on desktops in the workplace is Microsoft Office. The most common complaint I hear about Office is the cost (followed by the difficult to understand SKUs). Of course, with Office in the name it is no wonder that it is part of Office 365.
Of course there are several different SKUs to Office 365, and each one has different offerings. The small business SKU (P1) costs $6/month, and does not include the installable suite. However it does include Office Web Apps, which means you can create and edit Word documents, Excel spreadsheets, PowerPoint presentations, and of course use OneNote… all within your web browser. This is great if you work on multiple systems, or if you are ever remote and need to work on a document. The convenience loses its thrill when you realize you cannot work if you don’t have an Internet connection.
The E1, E2, and E3 SKUs do come with the client software, so if that is a requirement then those SKUs (which cost quite a bit more) are probably better for you.
Why you should consider maintaining a server on-site
Our mail server is gone… so are our SharePoint and File Servers. Why then would I still recommend a small server in a small business environment? There are several reasons.
- Active Directory. As I mentioned earlier in the article, AD is a great way to centralize security and credentials. Additionally there are plenty of hooks from Active Directory into Office 365 (which can be covered in a later article).
- Deployment Server. Microsoft Deployment Toolkit 2012 is the perfect companion to your new Windows 7 Enterprise licenses. In under an hour you can create a deployment point that will deploy Windows and all of your applications (including the Lync Client and the Windows InTune agent) in fifteen minutes (or less). It is by far the easiest way to deploy Windows to your desktops, laptops, and even tablets!
- Hyper-V. Although many of our applications will be installed directly onto the laptop, many companies still have server-based applications that require an application server. Hyper-V is the best way to create those servers on-site, for a plethora of reasons that have been outlined ad nauseum previously at www.garvis.ca, and countless other sites. Of course, your virtualized application servers can run any version of the Windows Server operating system, but they can also run any supported client OS, as well as several iterations of Linux (supported and enlightened) and any other x86-based OS (neither supported nor enlightened).
- Group Policy. Although Windows InTune v3 has much better policy support than its predecessors, there is no denying that Group Policy is the best way to granularly control, configure, and secure your client and server environments. Whether you want to enforce secure passwords, BitLocker, or simply set a centralized screen saver and desktop wallpaper, the best way to do it is by creating a GPO in Active Directory.
As you see the combination of cloud-based services from Microsoft and an on-line Windows Server are the best way to manage your entire SMB IT infrastructure, but even if you are not going to maintain an on-premise server the cloud-based services can manage most of the needs of most SMBs.
By the way, there is one more advantage to these solutions… you will always have the latest and greatest. Right now the Windows InTune subscription comes with use rights for Windows 7 Enterprise. When Windows 8 is released, you will automatically have access to that platform. Office 365 comes with Office 2010… but when the next version is released you will have that version right away too!